Package sk.iway.iwcm.system.googleauth

Class GoogleAuthenticator

java.lang.Object
sk.iway.iwcm.system.googleauth.GoogleAuthenticator
All Implemented Interfaces:
IGoogleAuthenticator
public final class GoogleAuthenticator extends Object implements IGoogleAuthenticator
GoogleAuthenticator.java

  • Field Details

    • RNG_ALGORITHM

      public static final String RNG_ALGORITHM
      The system property to specify the random number generator algorithm to use.
      Since:
      0.5.0
      See Also:

    • RNG_ALGORITHM_PROVIDER

      public static final String RNG_ALGORITHM_PROVIDER
      The system property to specify the random number generator provider to use.
      Since:
      0.5.0
      See Also:

    • SCRATCH_CODE_MODULUS

      public static final int SCRATCH_CODE_MODULUS
      Modulus used to truncate the scratch code.

  • Constructor Details

    • GoogleAuthenticator

      public GoogleAuthenticator()

    • GoogleAuthenticator

      public GoogleAuthenticator(GoogleAuthenticatorConfig config)

  • Method Details

    • createCredentials

      public GoogleAuthenticatorKey createCredentials()
      Description copied from interface: IGoogleAuthenticator
      This method generates a new set of credentials including:
      1. Secret key.
      2. Validation code.
      3. A list of scratch codes.

      The user must register this secret on their device.

      Specified by:
      createCredentials in interface IGoogleAuthenticator
      Returns:
      secret key

    • createCredentials

      public GoogleAuthenticatorKey createCredentials(String userName)
      Description copied from interface: IGoogleAuthenticator
      This method generates a new set of credentials invoking the #createCredentials method with no arguments. The generated credentials are then saved using the configured #ICredentialRepository service.

      The user must register this secret on their device.

      Specified by:
      createCredentials in interface IGoogleAuthenticator
      Parameters:
      userName - the user name.
      Returns:
      secret key

    • getTotpPassword

      public int getTotpPassword(String secret)
      Description copied from interface: IGoogleAuthenticator
      This method generates the current TOTP password.
      Specified by:
      getTotpPassword in interface IGoogleAuthenticator
      Parameters:
      secret - the encoded secret key.
      Returns:
      the current TOTP password.

    • getTotpPassword

      public int getTotpPassword(String secret, long time)
      Description copied from interface: IGoogleAuthenticator
      This method generates the TOTP password at the specified time.
      Specified by:
      getTotpPassword in interface IGoogleAuthenticator
      Parameters:
      secret - The encoded secret key.
      time - The time to use to calculate the password.
      Returns:
      the TOTP password at the specified time.

    • getTotpPasswordOfUser

      public int getTotpPasswordOfUser(String userName)
      Description copied from interface: IGoogleAuthenticator
      This method generates the current TOTP password.
      Specified by:
      getTotpPasswordOfUser in interface IGoogleAuthenticator
      Parameters:
      userName - The user whose password must be created.
      Returns:
      the current TOTP password.

    • getTotpPasswordOfUser

      public int getTotpPasswordOfUser(String userName, long time)
      Description copied from interface: IGoogleAuthenticator
      This method generates the TOTP password at the specified time.
      Specified by:
      getTotpPasswordOfUser in interface IGoogleAuthenticator
      Parameters:
      userName - The user whose password must be created.
      time - The time to use to calculate the password.
      Returns:
      the TOTP password at the specified time.

    • authorize

      public boolean authorize(String secret, int verificationCode) throws GoogleAuthenticatorException
      Description copied from interface: IGoogleAuthenticator
      Checks a verification code against a secret key using the current time.
      Specified by:
      authorize in interface IGoogleAuthenticator
      Parameters:
      secret - the encoded secret key.
      verificationCode - the verification code.
      Returns:
      true if the validation code is valid, false otherwise.
      Throws:
      GoogleAuthenticatorException - if a failure occurs during the calculation of the validation code. The only failures that should occur are related with the cryptographic functions provided by the JCE.
      See Also:

    • authorize

      public boolean authorize(String secret, int verificationCode, long time) throws GoogleAuthenticatorException
      Description copied from interface: IGoogleAuthenticator
      Checks a verification code against a secret key using the specified time. The algorithm also checks in a time window whose size determined by the windowSize property of this class.

      The default value of 30 seconds recommended by RFC 6238 is used for the interval size.

      Specified by:
      authorize in interface IGoogleAuthenticator
      Parameters:
      secret - The encoded secret key.
      verificationCode - The verification code.
      time - The time to use to calculate the TOTP password..
      Returns:
      true if the validation code is valid, false otherwise.
      Throws:
      GoogleAuthenticatorException - if a failure occurs during the calculation of the validation code. The only failures that should occur are related with the cryptographic functions provided by the JCE.

    • authorizeUser

      public boolean authorizeUser(String userName, int verificationCode) throws GoogleAuthenticatorException
      Description copied from interface: IGoogleAuthenticator
      This method validates a verification code of the specified user whose private key is retrieved from the configured credential repository using the current time. This method delegates the validation to the IGoogleAuthenticator.authorizeUser(String, int, long).
      Specified by:
      authorizeUser in interface IGoogleAuthenticator
      Parameters:
      userName - The user whose verification code is to be validated.
      verificationCode - The validation code.
      Returns:
      true if the validation code is valid, false otherwise.
      Throws:
      GoogleAuthenticatorException - if an unexpected error occurs.
      See Also:

    • authorizeUser

      public boolean authorizeUser(String userName, int verificationCode, long time) throws GoogleAuthenticatorException
      Description copied from interface: IGoogleAuthenticator
      This method validates a verification code of the specified user whose private key is retrieved from the configured credential repository. This method delegates the validation to the IGoogleAuthenticator.authorize(String, int, long) method.
      Specified by:
      authorizeUser in interface IGoogleAuthenticator
      Parameters:
      userName - The user whose verification code is to be validated.
      verificationCode - The validation code.
      time - The time to use to calculate the TOTP password.
      Returns:
      true if the validation code is valid, false otherwise.
      Throws:
      GoogleAuthenticatorException - if an unexpected error occurs.
      See Also:

    • getCredentialRepository

      public ICredentialRepository getCredentialRepository()
      This method loads the first available ICredentialRepository registered using the Java service loader API.
      Specified by:
      getCredentialRepository in interface IGoogleAuthenticator
      Returns:
      the first registered ICredentialRepository or null if none is found.

    • setCredentialRepository

      public void setCredentialRepository(ICredentialRepository repository)
      Description copied from interface: IGoogleAuthenticator
      This method sets the credential repository used by this instance. If null is passed to this method, no credential repository will be used, nor discovered using the ServiceLoader API.
      Specified by:
      setCredentialRepository in interface IGoogleAuthenticator
      Parameters:
      repository - The credential repository to use, or null to disable this feature.